Computer Security and
Cryptography Reading Group
October 2003 List
Date & Location |
Reading |
1 Oct. 2003
5331 CS
2:30 - 3:30 PM
|
David L. Chaum
Berkeley
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms
"Communications of the ACM", Volume 24, Issue 2 (February 1981), Pages 84 - 90
URL: http://portal.acm.org/citation.cfm?doid=358549.358563
A technique based on public key
cryptography is presented that allows
an electronic mail system to hide who
a participant communicates with as
well as the content of the
communication - in spite of an
unsecured underlying telecommunication
system. The technique does not
require a universally trusted
authority. One correspondent can
remain anonymous to a second, while
allowing the second to respond via an
untraceable return address.
The technique can also be used to form
rosters of untraceable digital
pseudonyms from selected applications.
Applicants retain the exclusive
ability to form digital signatures
corresponding to their pseudonyms.
Elections in which any interested
party can verify that the ballots have
been properly counted are possible if
anonymously mailed ballots are signed
with pseudonyms from a roster of
registered voters. Another use allows
an individual to correspond witha
record-keeping organization under a
unique pseudonym which appears in a
roster of acceptable clients.
|
8 Oct. 2003
5331 CS
2:30 - 3:30 PM
|
Michael J. Freedman, Robert Morris
NYU / MIT
Tarzan: a peer-to-peer anonymizing network layer
Proceedings of the 9th ACM conference on Computer and communications security (CCS'02), Washington, DC, USA, SESSION: Peer to peer networks, pp. 193 - 206, 2002
URL: http://portal.acm.org/citation.cfm?doid=586110.586137
Tarzan is a peer-to-peer anonymous IP
network overlay. Because it provides
IP service, Tarzan is general-purpose
and transparent to
applications. Organized as a
decentralized peer-to-peer overlay,
Tarzan is fault-tolerant, highly
scalable, and easy to manage. Tarzan
achieves its anonymity with layered
encryption and multi-hop routing, much
like a Chaumian mix. A message
initiator chooses a path of peers
pseudo-randomly through a restricted
topology in a way that adversaries
cannot easily influence. Cover traffic
prevents a global observer from using
traffic analysis to identify an
initiator. Protocols toward unbiased
peer-selection offer new directions
for distributing trust among untrusted
entities. Tarzan provides anonymity to
either clients or servers, without
requiring that both participate. In
both cases, Tarzan uses a network
address translator (NAT) to bridge
between Tarzan hosts and oblivious
Internet hosts. Measurements show that
Tarzan imposes minimal overhead over a
corresponding non-anonymous overlay
route.
|
22 Oct. 2003
5331 CS
2:30 - 3:30 PM
|
R. Sekar, V.N. Venkatakrishnan, Samik
Basu, Sandeep Bhatkar, Daniel
C. DuVarney
SUNY Stony Brook
Model-Carrying Code: A Practical
Approach for Safe Execution of
Untrusted Applications
SOSP'03, October 19-22, 2003, Bolton Landing, New York, USA.
URL: http://www.cs.rochester.edu/sosp2003/papers/p214-sekar.pdf
This paper presents a new approach
called model-carrying code (MCC) for
safe execution of untrusted code. At
the heart of MCC is the idea that
untrusted code comes equipped with a
concise highlevel model of its
security-relevant behavior. This model
helps bridge the gap between
high-level security policies and
low-level binary code, thereby
enabling analyses which would
otherwise be impractical. For
instance, users can use a fully
automated veri- fication procedure to
determine if the code satisfies their
security policies. Alternatively, an
automated procedure can sift through a
catalog of acceptable policies to
identify one that is compatible with
the model. Once a suitable policy is
selected, MCC guarantees that the
policy will not be violated by the
code. Unlike previous approaches, the
MCC framework enables code producers
and consumers to collaborate in order
to achieve safety. Moreover, it
provides support for policy selection
as well as enforcement. Finally, MCC
makes no assumptions regarding the
inherent risks associated with
untrusted code. It simply provides the
tools that enable a consumer to make
informed decisions about the risk that
he/she is willing to tolerate so as to
benefit from the functionality offered
by an untrusted application.
|
29 Oct. 2003
5331 CS
2:30 - 3:30 PM
|
Vladimir Kiriansky, Derek Bruening, Saman Amarasinghe
MIT
Secure Execution Via Program Shepherding
Proceedings of the
11th USENIX Security Symposium, 5-9
August 2002, San Francisco,
California, USA.
URL: http://www.usenix.org/events/sec02/full_papers/kiriansky/kiriansky.pdf
We introduce program shepherding, a
method for monitoring control flow
transfers during program execution to
enforce a security policy. Program
shepherding provides three techniques
as building blocks for security
policies. First, shepherding can
restrict execution privileges on the
basis of code origins. This
distinction can ensure that malicious
code masquerading as data is never
executed, thwarting a large class of
security attacks. Second, shepherding
can restrict control transfers based
on instruction class, source, and
target. For example, shepherding can
forbid execution of shared library
code except through declared entry
points, and can ensure that a return
instruction only targets the
instruction after a call. Finally,
shepherding guarantees that sandboxing
checks placed around any type of
program operation will never be
bypassed. We have implemented these
capabilities efficiently in a runtime
system with minimal or no performance
penalties. This system operates on
unmodified native binaries, requires
no special hardware or operating
system support, and runs on existing
IA-32 machines under both Linux and
Windows.
|
|
< Back to the Sec & Crypto reading group page
|